deShell
Files Timm Sandbox Mar10 Revised

Sanitizing a String

Problem
=======

Some hacker has inserted shell commands into some string that you think is just
a file name. If you try to _getline_ using that string, then (e.g.) all your
files get deleted.

Solution
========

Remove from that string all the special characters that enable shell commands.

 function deShell(str) {
     gsub(/["`\$;\|&><]/,"",str);
     return str
 }

   function DeShell(     s) {
       print deShell("Tim `rm -rf $HOME/*` Menzies") == "Tim rm -rf HOME/* Menzies"
   }

Author
======

Tim Menzies

